Information security policies in the UK healthcare sector: A critical evaluation

Information Systems Journal

Volumn 22, Issue 1, 2012, Pages 77-94

  Stahl, Bernd Carsten ^a   Doherty, Neil F ^b   Shaw, Mark ^a  

^a DE MONTFORT UNIVERSITY   (United Kingdom)

^b LOUGHBOROUGH UNIVERSITY   (United Kingdom)

Author keywords

Critical research; Habermas; Health care; Hegemony; Ideology; Information security

Indexed keywords

CRITICAL DISCOURSE ANALYSIS; CRITICAL EVALUATION; EXISTING PROBLEMS; HABERMAS; HEALTHCARE SECTORS; HEGEMONY; IDEOLOGY; INFORMATION ACCURACY; INFORMATION RESOURCE; INFORMATION SECURITY POLICIES; NATIONAL HEALTH SERVICES; PATIENT CONFIDENTIALITY;

HEALTH CARE; HEALTH RISKS; RESEARCH; SECURITY SYSTEMS;

SECURITY OF DATA;

EID: 84855226627     PISSN: 13501917     EISSN: 13652575     Source Type: Journal    
DOI: 10.1111/j.1365-2575.2011.00378.x     Document Type: Article

References (57)

1. Acquisti, A. (2004) Privacy and security of personal information: economic incentives and technological solutions. In: Economics of Information Security, Camp, L.J. & Lewis, S. (eds), pp. 179-186. Kluwer, Dordrecht, The Netherlands.
2. Alvarez, R. (2001) 'It was a great system'- face-work and the discursive construction of technology during information systems development. Information Technology & People, 14, 385-405.
3. Alvarez, R. (2008) Examining technology, structure and identity during an enterprise systems implementation. Information Systems Journal, 18, 203-224.
4. Alvesson, M. & Willmott, H. (eds) (2003) Studying Management Critically. Sage, London, UK.
5. Avgerou, C (2005) Doing critical research in information systems: some further thoughts. Information Systems Journal, 15, 103-109.
6. Backhouse, J., Hsu, C.W. & Silva, L. (2006) Circuits of power in creating de jure standards: shaping an international information systems security standard. MIS Quarterly, 30, special issue on standard making, 413-438.
7. Bloomfield, B. (1992) Information technology, control and power: the centralization and decentralization debate revisited. Journal of Management Studies, 29, 459-484.
8. Cecez-Kecmanovic, D., Klein, H.K. & Brooke, C. (2008) Exploring the critical agenda in information systems research. Information Systems Journal, 18, 123-135. doi:10.1111/j.1365-2575.2008.00295.x
9. Chouliaraki, L. & Fairclough, N. (1999) Discourse in Late Modernity - Rethinking Critical Discourse Analysis. Edinburgh University Press, Edinburgh, UK.
10. Cukier, W., Bauer, R. & Middleton, C. (2004) Applying Habermas' validity claims as a standard for critical discourse analysis. In: Information Systems Research - Relevant Theory and Informed Practice, Kaplan, B., Truex, D., Wood-Harper, T & DeGross, J. (eds), pp. 233-258. Kluwer Academic Publishers, Dordrecht, The Netherlands.
11. Deetz, S. (1992) Disciplinary power in the modern corporation. In: Critical Management Studies, Alvesson, M. & Willmott, H. (eds), pp. 21-45. Sage, London, UK.
12. Dhillon, G (2004) Realizing benefits of an information security program. Business Process Management Journal, 10, 21-22.
13. Dhillon, G. & Torkzadeh, G. (2006) Value-focused assessment of information system security in organizations. Information Systems Journal, 16, 293-314.
14. DofH (2007) Information Security Management: NHS Code of Practice. Department of Health, London, UK.
15. Doherty, N.F. & Fulford, H. (2005) Do information security policies reduce the incidence of security breaches: an exploratory analysis. Information Resources Management Journal, 18, 20-38.
16. Doherty, N.F. & Fulford, H. (2006) Aligning the information security policy with the strategic information systems plan. Computers & Security, 23, 55-63.
17. Doherty, N.F., Anastasakis, L. & Fulford, H. (2009) The information security policy unpacked: a critical study of the content of university policies. International Journal of Information Management, 29, 449-457.
18. Donaldson, A. & Walker, P. (2004) Information governance - a view from the NHS. International Journal of Medical Informatics, 73, 281-284.
19. Doolin, B. (1999) Sociotechnical networks and information management in health care. Accounting, Management & Information Technology, 9, 95-114.
20. Fairclough, N. (1993) Critical Discourse Analysis and the Marketization of Public Discourse: The Universities, Discourse & Society, 4, 133-168.
21. Fairclough, N. (2003) Analysing Discourse - Textual Analysis for Social Research, London & New York. Routledge, London, UK & New York, USA.
22. Feenberg, A. (1991) Critical Theory of Technology. Oxford University Press, New York, USA.
23. Foucault, M. (1975) Surveiller Et Punir: Naissance De La Prison. Gallimard, Paris, France.
24. Gold, S. (2010) Securing the NHS. Computer Fraud & Security, 5, 11-14.
25. Grint, K. & Woolgar, S. (1997) The Machine at Work: Technology, Work, and Organization. Blackwell, Cambridge, UK.
26. Gritzalis, D. & Lambrinoudakis, C. (2009) A security architecture for interconnecting health information systems. International Journal of Medical Informatics, 73, 305-309.
27. Habermas, J. (1981) Theorie des kommunikativen Handelns, Band I. Suhrkamp Verlag, Frankfurt a. M, Germany.
28. Hawkes, D. (2003) Ideology, 2nd edn. Routledge, London, UK.
29. Herath, T. & Rao, H.R. (2009) Protection motivation and deterrence: a framework for security policy compliance in organisations. European Journal of Information Systems, 18, 106-125.
30. Horkheimer, M. (1937) Nachtrag zu 'Traditionelle und kritische Theorie'. In: Traditionelle und kritische Theorie, Horkheimer, M (ed.), 1992 pp. 261-269. Suhrkamp, Frankfurt, Germany.
31. How, A. (2003) Critical Theory. Palgrave McMillan, New York, USA.
32. ISO (2005) Information Technology - Security Techniques - Code of Practice for Information Security Management - ISO 17799. International Standards Organization, Geneva, Switzerland.
33. Kincheloe, JL & McLaren, P (2005) Rethinking critical theory and qualitative research. In: SAGE Handbook of Qualitative Research, 3rd edn, Denzin, N.K. & Lincoln, Y.S. (eds), pp. 305-342. Sage, Thousand Oaks, CA, USA.
34. Klein, H.K. & Huynh, M.Q. (2004) The critical social theory of Jürgen Habermas and its implications for IS research. In: Social Theory and Philosophy for Information Systems, Mingers, J. & Willcocks, L. (eds), pp. 157-237. Wiley, Chichester, UK.
35. Knights, D. & Willmott, H. (1999) Management Lives: Power and Identity in Organizations. Sage, London, UK.
36. Kohli, R. & Kettinger, W.J. (2004) Informating the clan: controlling physicians' costs and outcomes. MIS Quarterly, 28, 363-394.
37. Landwehr, C.E., Heitmeyer, C.L. & McLean, J.D. (2001) A security model for military message systems: retrospective. [WWW document]. URL (accessed 4 January 2006).
38. Lyytinen, K. (1992) Information Systems and Critical Theory. In: Critical Management Studies, M. Alvesson and H. Willmott (eds), pp. 159-180. Sage Publications, London, UK.
39. McGrath, K. (2005) Doing critical research in information systems: a case of theory and practice not informing each other. Information Systems Journal, 15, 85-101.
40. Myers, M.D. & Klein, H.K. (2011) A set of principles for conducting critical research in information systems. MIS Quarterly, 35, 17-36.
41. Ngwenyama, O.K. & Lee, A.S. (1997) Communication richness in electronic mail: critical social theory and the contextuality of meaning. MIS Quarterly, 21, 145-167.
42. Nikander, P. & Karvonen, K. (2000) Users and trust in cyberspace. Cambridge Security Protocoll Workshop, 3-5 July, 2000 Cambridge, England.
43. Nissenbaum, H. (2005) Where computer security meets national security. Ethics and Information Technology, 7, 61-73.
44. Palvia, P., Mao, E., Salam, A.F. & Soliman, K. (2003) Management information systems research: what's there in a methodology? Communications of the Association for Information Systems, 11, 289-309.
45. Power, M. & Laughlin, R. (1992) Critical theory and accounting. In: Critical Management Studies, Alvesson, M. & Willmott, H. (eds), pp. 113-135. Sage, London, UK.
46. PWC (2010) Information Security Breaches Survey 2010. Price Waterhouse Coopers, London, UK.
47. Rees, J., Bandyopadhyay, S. & Spafford, E.H. (2003) PFIRES: a policy framework for information security. Communications of the ACM, 46, 101-106.
48. Richardson, H. & Robinson, B. (2007) The mysterious case of the missing paradigm: a review of critical information systems research 1991-2001. Information Systems Journal, 17, 251-270.
49. Schultze, U. & Leidner, D. (2002) Studying knowledge management in information systems research: discourses and theoretical assumptions. MIS Quarterly, 26, 213-242.
50. Siponen, M., Willison, R. & Baskerville, R. (2008) Power and practice in information systems security research. In: Proceedings of the Twenty Ninth International Conference on Information Systems. Paris.
51. Siponen, M.T. (2005) Analysis of modern is security development approaches: towards the next generation of social and adaptable ISS methods. Information and Organization, 15, 339-375.
52. Stahl, B. (2008) Information Systems: Critical Perspectives (Routledge Studies in Organization and Systems). Routledge, London, UK.
53. Stahl, B.C. (2004) Responsibility for information assurance and privacy: a problem of individual ethics? Journal of Organizational and End User Computing, 16, 59-77.
54. Walsham, G. (2005) Learning about being critical. Information Systems Journal, 15, 111-117.
55. Waring, T. (2004) From critical theory into information systems practice: a case study of a payroll-personnel system. In: Information Systems Research: Relevant Theory and Informed Practice, (IFIP 8.2 Proceedings), Kaplan, B., Truex, D.P., Wastell, D., Wood-Harper, A.T. & DeGross, J. (eds), pp. 556-575. Kluwer, Dordrecht, The Netherlands.
56. Watson, H. & Wood-Harper, T. (1996) Deconstruction contexts in interpreting methodology. Journal of Information Technology, 11, 59-70.
57. Workman, M., Bommer, W.H. & Straub, D. (2008) Security lapses and the omission of information security measures: a threat control model and empirical test. Computers in Human Behavior, 24, 2799-2816.